SYM_JSTS_0155 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Passing untrusted user data directly into Playwright's evaluate methods can let attackers execute arbitrary code within the browser context. The risk arises when that input reaches these methods without being properly validated or sanitized.
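The flagged pattern next to a hardened form, as an added example that is not code from this rule or from Playwright. `page.evaluate(pageFunction, arg)` is Playwright's API; `makeFakePage`, `lookupUnsafe`, `lookupSafe`, `SAMPLE` and the length limit are assumptions, and the fake page is a constructed stand-in so the block runs without a browser.

```javascript
// Constructed stand-in for a Playwright Page so the example runs offline.
// It mirrors page.evaluate(pageFunction, arg): a string is evaluated as
// script; a function is serialized and called with `arg` passed as data.
function makeFakePage() {
  const ctx = { lookups: [], state: { flagged: false } };
  const run = new Function('lookups', 'state', 'src', 'return eval(src)');
  return {
    ctx,
    async evaluate(pageFunction, arg) {
      const src = typeof pageFunction === 'string'
        ? pageFunction
        : `(${pageFunction.toString()})(${JSON.stringify(arg)})`;
      return run(ctx.lookups, ctx.state, src);
    },
  };
}

// Flagged pattern: untrusted text becomes part of the script source.
async function lookupUnsafe(page, userInput) {
  return page.evaluate(`lookups.push('${userInput}')`);
}

// Hardened pattern: constant function, untrusted value passed as the argument.
async function lookupSafe(page, userInput) {
  // Illustrative validation (assumed limits, not from the rule).
  if (typeof userInput !== 'string' || userInput.length > 200) {
    throw new TypeError('unexpected input');
  }
  // `lookups` resolves inside the evaluating context, not in this module.
  return page.evaluate((value) => lookups.push(value), userInput);
}

// Constructed input: closes the string literal and appends a statement.
const SAMPLE = "x'); state.flagged = true; ('";

async function demo() {
  const a = makeFakePage();
  await lookupUnsafe(a, SAMPLE);
  const b = makeFakePage();
  await lookupSafe(b, SAMPLE);
  return {
    unsafeRanInjected: a.ctx.state.flagged, // appended statement executed
    safeRanInjected: b.ctx.state.flagged,   // input stayed data
    safeStored: b.ctx.lookups[0],
  };
}
```

With a real Playwright `page`, `lookupSafe` works unchanged as long as the function body only references names that exist in the browser context.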
Impact
If exploited, an attacker could run malicious scripts in the browser, potentially accessing sensitive data, manipulating web pages, or making unauthorized requests from your server. This can lead to data breaches, server-side request forgery (SSRF), or other compromises affecting users and backend systems.